diff --git a/internal/commands/account/token/create_test.go b/internal/commands/account/token/create_test.go index 3540b1d4b..af67d25e4 100644 --- a/internal/commands/account/token/create_test.go +++ b/internal/commands/account/token/create_test.go @@ -38,7 +38,7 @@ func TestCreateToken(t *testing.T) { AllowedIPRanges: nil, }, resp: &upcloud.Token{ - APIToken: "ucat_01JH5D3ZZJVZS6JC713FA11CB8", + APIToken: "test-token", ID: "0cd8eab4-ecb7-445b-a457-6019b0a00496", Name: "test", Type: "workspace", diff --git a/internal/commands/server/firewall/show.go b/internal/commands/server/firewall/show.go index 897c1d726..445e3657e 100644 --- a/internal/commands/server/firewall/show.go +++ b/internal/commands/server/firewall/show.go @@ -159,10 +159,10 @@ func formatMatch(address fwRuleAddress) string { if ipStart.Equal(ipStop) { // TODO: ermm, reimplement.. when we figure out if this is really needed + how to do it // sb.WriteString(ui.DefaultAddressColours.Sprint(ipStart)) - sb.WriteString(fmt.Sprint(ipStart)) + fmt.Fprint(&sb, ipStart) } else { // sb.WriteString(ui.DefaultAddressColours.Sprintf("%s →\n%s", ipStart, ipStop)) - sb.WriteString(fmt.Sprintf("%s →\n%s", ipStart, ipStop)) + fmt.Fprintf(&sb, "%s →\n%s", ipStart, ipStop) } } if address.PortStart != "" { @@ -170,9 +170,9 @@ func formatMatch(address fwRuleAddress) string { sb.WriteString("\n") } if address.PortStart == address.PortEnd { - sb.WriteString(fmt.Sprintf("port: %s", address.PortStart)) + fmt.Fprintf(&sb, "port: %s", address.PortStart) } else { - sb.WriteString(fmt.Sprintf("port: %s → %s", address.PortStart, address.PortEnd)) + fmt.Fprintf(&sb, "port: %s → %s", address.PortStart, address.PortEnd) } } return sb.String() diff --git a/internal/commands/stack/dokku/dokku.go b/internal/commands/stack/dokku/dokku.go index 75ce545a9..0b4558944 100644 --- a/internal/commands/stack/dokku/dokku.go +++ b/internal/commands/stack/dokku/dokku.go @@ -143,7 +143,7 @@ func (s *deployDokkuCommand) deploy(exec commands.Executor, configDir string) er return err } defer func(name string) { - errRemove := os.Remove(name) + errRemove := os.Remove(name) //gosec:disable G703 -- temp path is created by os.CreateTemp above if errRemove != nil { fmt.Printf("failed to remove temp file %s: %v\n", name, errRemove) } diff --git a/internal/commands/stack/helm.go b/internal/commands/stack/helm.go index b539e4526..39aaefa45 100644 --- a/internal/commands/stack/helm.go +++ b/internal/commands/stack/helm.go @@ -327,7 +327,7 @@ func UninstallHelmRelease(releaseName, logDir string) error { } if resp != nil { - fmt.Fprintf(logFile, "Uninstalled release %q: %s\n", releaseName, resp.Info) + fmt.Fprintf(logFile, "Uninstalled release %q: %s\n", releaseName, resp.Info) //gosec:disable G705 -- writes to local log file, not HTML } return nil diff --git a/internal/commands/stack/starterkit/starterkit.go b/internal/commands/stack/starterkit/starterkit.go index dc0de7108..3145377df 100644 --- a/internal/commands/stack/starterkit/starterkit.go +++ b/internal/commands/stack/starterkit/starterkit.go @@ -139,13 +139,13 @@ func buildSummary( // Kubernetes b.WriteString("KUBERNETES CLUSTER\n") if cluster != nil { - b.WriteString(fmt.Sprintf(" Name: %s\n", cluster.Name)) - b.WriteString(fmt.Sprintf(" UUID: %s\n", cluster.UUID)) - b.WriteString(fmt.Sprintf(" Zone: %s\n", cluster.Zone)) - b.WriteString(fmt.Sprintf(" Network: %s\n", cluster.Network)) + fmt.Fprintf(&b, " Name: %s\n", cluster.Name) + fmt.Fprintf(&b, " UUID: %s\n", cluster.UUID) + fmt.Fprintf(&b, " Zone: %s\n", cluster.Zone) + fmt.Fprintf(&b, " Network: %s\n", cluster.Network) if kubeconfigPath != "" { - b.WriteString(fmt.Sprintf(" Kubeconfig: %s\n", kubeconfigPath)) - b.WriteString(fmt.Sprintf(" Set env: export KUBECONFIG=%s\n", kubeconfigPath)) + fmt.Fprintf(&b, " Kubeconfig: %s\n", kubeconfigPath) + fmt.Fprintf(&b, " Set env: export KUBECONFIG=%s\n", kubeconfigPath) b.WriteString(" Test: kubectl get nodes\n") b.WriteString(" Ingress LB: kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}{\"\\n\"}'\n") } @@ -155,9 +155,9 @@ func buildSummary( // Network & Router b.WriteString("NETWORKING\n") if network != nil { - b.WriteString(fmt.Sprintf(" Network: %s (UUID: %s)\n", network.Name, network.UUID)) + fmt.Fprintf(&b, " Network: %s (UUID: %s)\n", network.Name, network.UUID) if len(network.IPNetworks) > 0 { - b.WriteString(fmt.Sprintf(" CIDR: %s\n", network.IPNetworks[0].Address)) + fmt.Fprintf(&b, " CIDR: %s\n", network.IPNetworks[0].Address) if network.IPNetworks[0].DHCP == upcloud.True { b.WriteString(" DHCP: enabled\n") } else { @@ -166,17 +166,17 @@ func buildSummary( } } if router != nil { - b.WriteString(fmt.Sprintf(" Router: %s (UUID: %s)\n", router.Name, router.UUID)) + fmt.Fprintf(&b, " Router: %s (UUID: %s)\n", router.Name, router.UUID) } b.WriteString("\n") // Managed Database b.WriteString("MANAGED DATABASE\n") if db != nil { - b.WriteString(fmt.Sprintf(" Name: %s (UUID: %s)\n", db.Title, db.UUID)) - b.WriteString(fmt.Sprintf(" Type/Plan: %s / %s\n", db.Type, db.Plan)) - b.WriteString(fmt.Sprintf(" State: %s\n", db.State)) - b.WriteString(fmt.Sprintf(" ServiceURI: %s\n", db.ServiceURI)) + fmt.Fprintf(&b, " Name: %s (UUID: %s)\n", db.Title, db.UUID) + fmt.Fprintf(&b, " Type/Plan: %s / %s\n", db.Type, db.Plan) + fmt.Fprintf(&b, " State: %s\n", db.State) + fmt.Fprintf(&b, " ServiceURI: %s\n", db.ServiceURI) } else { b.WriteString(" (not created)\n") } @@ -185,25 +185,25 @@ func buildSummary( // Managed Object Storage b.WriteString("OBJECT STORAGE\n") if obj != nil { - b.WriteString(fmt.Sprintf(" Name: %s (UUID: %s)\n", obj.Name, obj.UUID)) - b.WriteString(fmt.Sprintf(" Region: %s\n", obj.Region)) - b.WriteString(fmt.Sprintf(" State: %s\n", obj.OperationalState)) + fmt.Fprintf(&b, " Name: %s (UUID: %s)\n", obj.Name, obj.UUID) + fmt.Fprintf(&b, " Region: %s\n", obj.Region) + fmt.Fprintf(&b, " State: %s\n", obj.OperationalState) // If API provides endpoint(s) if len(obj.Endpoints) > 0 { - b.WriteString(fmt.Sprintf(" DomainName: %s\n", obj.Endpoints[0].DomainName)) - b.WriteString(fmt.Sprintf(" Type: %s\n", obj.Endpoints[0].Type)) - b.WriteString(fmt.Sprintf(" IAMURL: %s\n", obj.Endpoints[0].IAMURL)) - b.WriteString(fmt.Sprintf(" STSURL: %s\n", obj.Endpoints[0].STSURL)) + fmt.Fprintf(&b, " DomainName: %s\n", obj.Endpoints[0].DomainName) + fmt.Fprintf(&b, " Type: %s\n", obj.Endpoints[0].Type) + fmt.Fprintf(&b, " IAMURL: %s\n", obj.Endpoints[0].IAMURL) + fmt.Fprintf(&b, " STSURL: %s\n", obj.Endpoints[0].STSURL) } // If bucket was created if objBucket != "" { - b.WriteString(fmt.Sprintf(" Bucket: %s\n", objBucket)) + fmt.Fprintf(&b, " Bucket: %s\n", objBucket) } // If access key was created if objAcc != nil { - b.WriteString(fmt.Sprintf(" AccessKey: %s\n", objAcc.AccessKeyID)) - b.WriteString(fmt.Sprintf(" SecretKey: %s\n", *objAcc.SecretAccessKey)) + fmt.Fprintf(&b, " AccessKey: %s\n", objAcc.AccessKeyID) + fmt.Fprintf(&b, " SecretKey: %s\n", *objAcc.SecretAccessKey) } } else { b.WriteString(" (not created)\n") @@ -232,7 +232,7 @@ func buildSummary( // Final tips b.WriteString("NEXT STEPS\n") if kubeconfigPath != "" { - b.WriteString(fmt.Sprintf(" export KUBECONFIG=%s\n", kubeconfigPath)) + fmt.Fprintf(&b, " export KUBECONFIG=%s\n", kubeconfigPath) } b.WriteString(" Deploy ingress-nginx and your app, then point DNS (CNAME) to the LB hostname shown above.\n") diff --git a/internal/commands/stack/supabase/config.go b/internal/commands/stack/supabase/config.go index 0b4709139..43cc58232 100644 --- a/internal/commands/stack/supabase/config.go +++ b/internal/commands/stack/supabase/config.go @@ -22,7 +22,7 @@ type SupabaseConfig struct { LbHostname string ClusterName string - JWTSecret string + JWTSecret string //gosec:disable G117 -- field intentionally stores JWT signing secret AnonKey string ServiceRoleKey string PostgresPassword string diff --git a/internal/commands/storage/import.go b/internal/commands/storage/import.go index 28dc4024c..cf6b0ccd4 100644 --- a/internal/commands/storage/import.go +++ b/internal/commands/storage/import.go @@ -202,7 +202,7 @@ func (s *importCommand) ExecuteWithoutArguments(exec commands.Executor) (output. case upcloud.StorageImportSourceDirectUpload: // import from local file transferType = "upload" - sourceFile, err := os.Open(parsedSource.Path) + sourceFile, err := os.Open(parsedSource.Path) //gosec:disable G703 -- local source path is explicit CLI input if err != nil { return commands.HandleError(exec, msg, fmt.Errorf("cannot open local file: %w", err)) } @@ -247,7 +247,7 @@ func (s *importCommand) ExecuteWithoutArguments(exec commands.Executor) (output. // we have no knowledge of the remote file size, report bytes uploaded transferred := fmt.Sprintf("%sB", "-1") if statusUpdate.bytesTransferred <= math.MaxUint32 { - transferred = ui.AbbrevNumBinaryPrefix(uint(statusUpdate.bytesTransferred)) //nolint:gosec // disable G115: false positive because value is checked + transferred = ui.AbbrevNumBinaryPrefix(uint(statusUpdate.bytesTransferred)) //gosec:disable G115 -- guarded by MaxUint32 check above } exec.PushProgressUpdate(messages.Update{ Key: msg, @@ -314,7 +314,7 @@ func createStorage(exec commands.Executor, params *createParams) (upcloud.Storag } func getLocalFileSize(path string) (size int64, err error) { - stat, err := os.Stat(path) + stat, err := os.Stat(path) //gosec:disable G703 -- local path comes from explicit CLI/file URL input if err != nil { return 0, err } diff --git a/internal/config/config_test.go b/internal/config/config_test.go index e0c80813d..b8634be56 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -16,7 +16,7 @@ func TestConfig_LoadInvalidYAML(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { assert.NoError(t, tmpFile.Close()) - assert.NoError(t, os.Remove(tmpFile.Name())) + assert.NoError(t, os.Remove(tmpFile.Name())) //gosec:disable G703 -- temp path is created by os.CreateTemp }) _, err = tmpFile.WriteString("usernamd:sdkfo\npassword: foo") require.NoError(t, err) @@ -27,12 +27,16 @@ func TestConfig_LoadInvalidYAML(t *testing.T) { } func TestConfig_Load(t *testing.T) { + t.Setenv("UPCLOUD_USERNAME", "") + t.Setenv("UPCLOUD_PASSWORD", "") + t.Setenv("UPCLOUD_TOKEN", "") + cfg := New() tmpFile, err := os.CreateTemp(os.TempDir(), "") require.NoError(t, err) t.Cleanup(func() { assert.NoError(t, tmpFile.Close()) - assert.NoError(t, os.Remove(tmpFile.Name())) + assert.NoError(t, os.Remove(tmpFile.Name())) //gosec:disable G703 -- temp path is created by os.CreateTemp }) _, err = tmpFile.WriteString("username: sdkfo\npassword: foo") require.NoError(t, err) @@ -74,13 +78,14 @@ func TestConfig_GetVersion(t *testing.T) { func TestConfig_LoadKeyring(t *testing.T) { t.Setenv("UPCLOUD_USERNAME", "") t.Setenv("UPCLOUD_PASSWORD", "") + t.Setenv("UPCLOUD_TOKEN", "") cfg := New() tmpFile, err := os.CreateTemp(os.TempDir(), "") require.NoError(t, err) t.Cleanup(func() { assert.NoError(t, tmpFile.Close()) - assert.NoError(t, os.Remove(tmpFile.Name())) + assert.NoError(t, os.Remove(tmpFile.Name())) //gosec:disable G703 -- temp path is created by os.CreateTemp }) _, err = tmpFile.WriteString("username: unittest") require.NoError(t, err) @@ -91,7 +96,7 @@ func TestConfig_LoadKeyring(t *testing.T) { cfg.GlobalFlags.ConfigFile = tmpFile.Name() err = cfg.Load() require.NoError(t, err) - assert.Equal(t, cfg.GetString("username"), "unittest") + assert.Equal(t, "unittest", cfg.GetString("username")) assert.Equal(t, "unittest_password", cfg.GetString("password")) t.Cleanup(func() { // remove test user from keyring diff --git a/internal/terminal/terminal.go b/internal/terminal/terminal.go index b250c1dc7..8a215d7fd 100644 --- a/internal/terminal/terminal.go +++ b/internal/terminal/terminal.go @@ -30,7 +30,7 @@ func IsStderrTerminal() bool { // GetTerminalWidth tries to figure out the width of the terminal and returns it // returns 0 if there are problems in getting the width. func GetTerminalWidth() int { - w, _, err := term.GetSize(int(os.Stdout.Fd())) + w, _, err := term.GetSize(int(os.Stdout.Fd())) //gosec:disable G115 // file descriptors are runtime-provided small integers if err != nil { return 0 } diff --git a/internal/ui/usage.go b/internal/ui/usage.go index 64e26051d..dc5a5e95c 100644 --- a/internal/ui/usage.go +++ b/internal/ui/usage.go @@ -30,9 +30,9 @@ func formatFlags(fs *pflag.FlagSet) string { } var flagText, flagUsage strings.Builder if flag.Shorthand != "" { - flagText.WriteString(fmt.Sprintf("-%s, ", flag.Shorthand)) + fmt.Fprintf(&flagText, "-%s, ", flag.Shorthand) } - flagText.WriteString(fmt.Sprintf("--%s %s", flag.Name, flag.Value.Type())) + fmt.Fprintf(&flagText, "--%s %s", flag.Name, flag.Value.Type()) flagUsage.WriteString(text.WrapSoft(flag.Usage, wrappingLineLength)) def := flag.DefValue if strings.HasSuffix(flag.Value.Type(), "Slice") || strings.HasSuffix(flag.Value.Type(), "Array") { @@ -40,7 +40,7 @@ func formatFlags(fs *pflag.FlagSet) string { def = strings.TrimSuffix(def, "]") } if def != "" { - flagUsage.WriteString(fmt.Sprintf("\nDefault: %s", def)) + fmt.Fprintf(&flagUsage, "\nDefault: %s", def) } t.Append(table.Row{flagText.String(), flagUsage.String()}) })